I don't see having HTTPS by default in LuCI as something good or even
necessary ? It's actually an unnecessary complication that could always
be optional.
One of the main reasons is that in many and probably most cases of a new
deployed OpenWrt router there is still no Internet connection available.
Also it doesn't seem to be that people need it since access by default
is only done via the LAN interfaces. If someone for some reason wishes
for example to expose the LuCI web interface to the internet than fine
to have it running on HTTPS and that can be enabled by those who wish to
operate in such way. As this example there are certainly others that
justify to have a HTTPS but I don't they they are most.
The same way I see as interesting to have an automated way to generate
SSL Certificates (ex: via Let's Encrypt), but again, that should be
optional to only those who wish to use HTTPS for their specific needs.
Fernando
On 20/11/2020 06:44, Karl Palsson wrote:
"Paul Spooren" <m...@aparcar.org> wrote:
Hi,
The current list of release goals for 20.xx states[0] that LuCI
should use HTTPS per default. This works by creating on-device
a self-signed certificate. Self-signed certificates result in
warnings and may cause more harm than good, multiple discussion
are found in the mail archive.
As no clean solution seems in reach while 20.xx seems close,
I'd like to suggest to postponse HTTPS LuCI (`luci-ssl` vs
`luci`) per default.
This isn't a vote but a request for developer/user opinions.
Very much in favour of leaving this off, self-signed isn't viable
by default
Sincerely,
Karl Palsson
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
